Beating AI Hackers: Lessons Learned from Hollywood

I have always been a massive fan of hacking and Computer AI movies. I have seen my favorite hacking movies more than I can count: WarGames, Tron, Hackers, Sneakers, Enemy of the State, Swordfish, Matrix, Blackhat, and even Live Free or Die Hard (hey, seeing Bruce Willis in the world of Critical Infrastructure was interesting!). AI movies/shows are newer, but Westworld, Moon, Avengers: Age of Ultron, M3gan, I Robot, Ex Machina, 2001:  Space Odyssey, and The Terminator significantly influenced my sci-fi fandom. For real AI fans, you may have watched Colossus: The Forbin Project when you were growing up (which feels a LOT like Age of Ultron). Many people may have missed it, but a sequel to WarGames called WarGames: The Dead Code had two AIs battling: W.O.P.R versus R.I.P.L.E.Y. to either control or protect mankind.

As BlastWave began our journey into studying AI and how to help protect OT networks from AI-powered attacks, I thought back to many of these movies and how AI was ultimately defeated (If it was). Although these were “just” movies, the theories they explore often come from technical experts in their fields. 

I also thought back to my early career when I worked in computer security, where we used to quote Gene Spafford:

That may not seem practical … at least not precisely. One common theme in movies was that the initial way to contain AI was to block connections to the Internet. Ultron, Terminator, M3gan, and Ex Machina all played on this theme. Once that external connection occurred, then the chaos began. There is a lesson there to be learned.

How to Defeat AI Hacking: Do not give AI access to your network. 

Rather than letting AI connect to the internet, let’s look at it differently. If the AI can’t get access to your network, then it can’t attack it. OT networks for years required Air Gaps from the internet, but unfortunately that isn’t really possible today. Many OT systems are remote-controlled, and their administrators and contractors need remote access to manage and monitor them. 

But you can create a Virtual Air Gap. Some firewalls and VPN solutions tried to do that, but AI can beat both because the keys to access can be stolen or hijacked. AI can’t (yet) beat a system that does not allow internal systems internet access, and the gateway can only be accessed by biometric authentication. In Gene Spafford's terms, the door is locked and guarded. Enemy of the State played on this theme with Gene Hackman’s character, who “stayed off the grid” to avoid detection.

If you combine Network Cloaking with biometric-enforced Secure Remote Access, you get something that an AI can’t see (cloaking) and can’t access (biometrics). Operational Technology networks are sometimes called “Cyber-Physical” because they combine physical systems with network technology. Both Tom and Peter’s blogs on GenAI built on the idea that the best way to fight AI is to reduce the attack surface as much as you can and protect what is left with non-AI-accessible techniques (like biometrics). 

If the machines turn into humans like in The Terminator, Westworld, and Ex Machina, then BlastWave can’t help you. 

Until then, give our solution a try. Get a demo here.